Install Shield does not run within Sandboxie since sept 2022 #2302

Closed
JaapvanderLeer opened this issue Oct 5, 2022 · 10 comments
Labels
Workaround Temporary or alternative solution

Comments

@JaapvanderLeer

Describe what you noticed and did

When the install file for Panoramamaker 6 is run in a standard sandbox, an error is encountered, both in Windows 10 and Windows 11:
"The InstallShield Engine (ikernel.exe) could not be launched.
You don't have the necessary permissions for this activity".

When "Open Access to Com Infra Structure (not recommended) " is activated, the message becomes:
"The InstallShield Engine (ikernel.exe) could not be launched.
Insufficient memory available to finish this activity".

The installer produces this file ikernel.exe in the sandbox at location C:\Sandbox\{user}\Test\drive\C\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ikernel.exe, size 614.532 bytes, md5 b3fd01873bd5fd163ab465779271c58f, version 6.31.100.1221 as of 25-7-2002. So quite old in effect.

On Aug 26 2022, this file was processed in Sandboxie Plus 1.2.8 under Windows 10 without error. Therefore, it is reasonable to expect that a recent Windows Update lies at the base of the error. Since Aug. 26th 2022, the suspect update would be KB5017308, details at https://support.microsoft.com/en-us/topic/september-13-2022-kb5017308-os-builds-19042-2006-19043-2006-and-19044-2006-e4ea187e-28e8-4d4b-808b-2794babdce4c . However, this does not give much insight into what has changed, mentioning only "Addresses security issues for your Windows operating system.".

The install file runs without issues outside of the Sandbox.

How often did you encounter it so far?

This error was first seen on Sept 30th 2022, and has occurred every time since.

Affected program

Panoramamaker 6 try-out, however, the report is about the enclosed Install Shield executable.

Download link

The Panoramamaker 6 file can be downloaded from https://arcsoft-panorama-maker.en.softonic.com/ Its size is 42.062.416 bytes, md5 ad57115f40c3fa8c09e0f7be7878aa80

Where is the program located?

The program is installed only outside the sandbox.

Expected behavior

Before Aug 27th 2022, the file ran in the Sandbox and installed Panoramamaker 6 in the Sandbox. This is what I expect to happen.

What is your Windows edition and version?

Windows 10 21H2, Windows 11 Home 22H2

In which Windows account you have this problem?

A local or Microsoft account without special changes.

Please mention any installed security software

Microsoft Defender, but the error occurs also if real-time protection is switched off.

What version of Sandboxie are you running?

Sandbox 1.2.8 on Windows 10, Sandbox 1.3.5 on Windows 11

Is it a new installation of Sandboxie?

I have been using the same version for some time.

Is it a regression?

No regression as far as I think.

In which sandbox type you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on an empty sandbox?

I can confirm it also on an empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

I did not enable extra security policy settings.

Crash dump

No response

Trace log


Sandboxie.ini configuration

[GlobalSettings]

Template=Edge_Win11Fix
Template=RpcPortBindings
Template=AdobeDistiller
Template=WindowsRasMan
Template=AdobeLicensing
Template=WindowsLive
Template=AdobeAcrobatReader
Template=SnagIt
Template=OfficeLicensing
FileRootPath=C:\Sandbox\%USER%\%SANDBOX%
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%


[Test]

Enabled=y
ConfigLevel=9
AutoRecover=y
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=BlockPorts
Template=LingerPrograms
Template=Firefox_Phishing_DirectAccess
Template=AutoRecoverIgnore
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Favorites%
RecoverFolder=%Desktop%
BoxNameTitle=y
BorderColor=#0080FF
DeleteCommand="C:\Program Files\Sandboxie\sdelete.exe" -p 1 -s -q "%SANDBOX%"
BlockFakeInput=n
CopyLimitKb=149152
BlockNetParam=y
OpenIpcPath=\RPC Control\OLE*
OpenIpcPath=\RPC Control\LRPC*
OpenIpcPath=\RPC Control\epmapper
OpenIpcPath=*\BaseNamedObjects*\__ComCatalogCache__
@JaapvanderLeer JaapvanderLeer added the Confirmation Pending Further confirmation is requested label Oct 5, 2022
@JaapvanderLeer JaapvanderLeer changed the title Install Shield does not run within Sandboxie sincde sept 2022 Install Shield does not run within Sandboxie since sept 2022 Oct 5, 2022
@DavidXanatos
Member

Interesting, I get another error but it still does not work, will look into it asap.

@DavidXanatos DavidXanatos added ToDo To be done Issue: Reproduced Issue reproduced without uncertainties and removed Confirmation Pending Further confirmation is requested labels Oct 9, 2022
@DavidXanatos
Member

You need to add

ApplyElevateCreateProcessFix=y

to your sandbox config

@DavidXanatos DavidXanatos added Workaround Temporary or alternative solution and removed ToDo To be done Issue: Reproduced Issue reproduced without uncertainties labels Oct 9, 2022
@JaapvanderLeer
Author

I tried this at my site.

Once ApplyElevateCreateProcessFix=y is added to the ini-file, I get the message (translated):
"Cannot open file C:\PROGRA~2\COMMON~1\INSTAL~1\Engine\6\Intel"

Using a sandboxed Explorer, the path "C:\PROGRA~2\COMMON~1\INSTAL~1\Engine\6" exists in the Sandbox.
Next, Panoramamaker notes that the activity was cancelled by the user.

However, at this path a directory "Intel 32" exists. Note the space before "32". So, the error message is in itself correct, however, for some reason, the directory "intel 32" is not changed into "INTEL3~1" (or something like that), so, cannot be found.

Any idea about what happened?

@DavidXanatos
Member

try an empty box, on my system the installation went through just fine

@JaapvanderLeer
Author

Strange. I just made a new box, added ApplyElevateCreateProcessFix=y and launched the installer. Same result. Error.

Now, I have my Sandbox on D: for reasons of space. If I put my Sandbox File System root to C:, the installer runs flawlessly, as is the case with you.

So, this problem solved for Installer, you might think about the difference of having the Sandbox on D: and have the installer think it has to look for a file on C: ! Probably, somewhere in the matching process of the path, it seems to look at the real drive C: just to find nothing is there.

Thnx, Jaap

@DavidXanatos
Member

huh... that is so weird, will have to test this in depth, the box location should not be relevant, perhaps there is some deeper issue with that

@DavidXanatos
Member

mmh.... there is something screwed up with the invocation of SH32_DoRunAs
when the box is on C it gets a short path passed (no spaces)
when the box is on E it gets the long path passed (with spaces)
and there is a screw-up where the space breaks the path very strange

@DavidXanatos DavidXanatos added Type: Bug Something isn't working Priority: High To be done as soon as possible and removed Type: Bug Something isn't working Priority: High To be done as soon as possible labels Oct 9, 2022
@DavidXanatos
Member

Ok so the issue is not with sandboxie but with windows:
https://digitalsupport.ge.com/en_US/Article/Is-Windows-8-3-File-Naming-Enabled-How-Do-I-Enable-8-3-File-Naming-If-It-Is-Not
long story short (pun intended) the GetShortPathNameA function can fail on volumes other than C: if 8.3 aliasing is not explicitly enabled by the administrator.
this led to an invalid path being written to the sandboxed registry and subsequently an attempt to start a process with a broken path
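
The failure described in this comment, as an added example that is not part of the thread and not Sandboxie or InstallShield code: a simplified Python model in which a path component without an 8.3 alias keeps its long name, so the "short" path still contains a space and an unquoted command line is cut at it. The alias tables, the whitespace-splitting parser and the helper names are assumptions made for illustration.

```python
# Added illustration, not Sandboxie or InstallShield code. Simplified model:
# a path component with no 8.3 alias keeps its long name in the "short" path.

# Constructed alias tables. INTEL3~1 is the alias guessed earlier in the thread.
ALIASES_FULL = {
    "Program Files (x86)": "PROGRA~2",
    "Common Files": "COMMON~1",
    "InstallShield": "INSTAL~1",
    "Intel 32": "INTEL3~1",
}
# Same tree, but "Intel 32" was created where 8.3 name creation is off.
ALIASES_PARTIAL = {k: v for k, v in ALIASES_FULL.items() if k != "Intel 32"}

LONG = r"C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe"


def to_short_path(path, aliases):
    """Swap each component for its 8.3 alias when one exists."""
    drive, *parts = path.split("\\")
    return "\\".join([drive] + [aliases.get(p, p) for p in parts])


def first_token(command_line):
    """Program path as a whitespace-splitting consumer reads it."""
    cl = command_line.lstrip()
    if cl.startswith('"'):
        end = cl.find('"', 1)
        return cl[1:end] if end != -1 else cl[1:]
    return cl.split(" ", 1)[0]


def build_command_line(exe_path, args):
    """Defensive form: quote the program path whenever it contains whitespace."""
    needs_quotes = any(c in exe_path for c in " \t")
    exe = f'"{exe_path}"' if needs_quotes else exe_path
    return f"{exe} {args}".strip()


def compare(aliases):
    """Return (program seen from unquoted line, program seen from quoted line)."""
    short = to_short_path(LONG, aliases)
    return (first_token(f"{short} -RegServer"),
            first_token(build_command_line(short, "-RegServer")))


if __name__ == "__main__":
    for name, table in (("aliases present", ALIASES_FULL),
                        ("'Intel 32' has no alias", ALIASES_PARTIAL)):
        unquoted, quoted = compare(table)
        print(f"{name}:\n  unquoted -> {unquoted}\n  quoted   -> {quoted}")
```

With the partial table, the unquoted form stops at "...\Engine\6\Intel", the same truncation as in the error message reported above, while the quoted form keeps the whole path.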

@JaapvanderLeer
Author

Wow!

@dfgyuri

dfgyuri commented Dec 11, 2022

Hello, I am facing the same issue on 1.5.3 and have enabled 8.3 naming (output of fsutil 8dot3name query is 0) but am still getting 2227 error when attempting to install a program. I have tried creating a new sandbox and checked to make sure it had 8.3 naming with dir /x but still erroring out with 2227. Are there additional settings I need to change to fix the issue?

edit: I have resolved the issue by setting NtfsDisable8dot3NameCreation back to 2 and changing the state of D: itself instead of globally.
